Remote Code Execution (RCE) Affecting org.apache.solr:solr-velocity Open this link in a new tab package, versions [5.0.0, 8.4.0)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
31 Dec 2019
30 Dec 2019
How to fix?
org.apache.solr:solr-velocity to version 8.4.0 or higher.
org.apache.solr:solr-velocity is an open source enterprise search platform built on Apache Lucene
Affected versions of this package are vulnerable to Remote Code Execution (RCE)
VelocityResponseWriter class. A user defined
configset could contain renderable Velocity templates.